Securing Box accounts
Login activity
Applications and devices used to log in to your account are tracked and displayed under Account Settings -> Security. You should periodically check the list of accounts and instruct Box to "forget" the ones that are no longer current or necessary. Any applications you do not recognize should also be removed from this section.
Box support access
Under Account Settings -> Security, there is an option to enable Box technical support to access the contents of your Box account. Make sure this feature is not enabled. If there is an active access grant listed, click on the Revoke button to terminate it. This functionality should not be used if your Box account contains any confidential data. Technical support can be obtained through the ITS Help Desk.
Default link security
Under Account Settings -> Content & Sharing, you can specify how new links should be shared by default. Open is the least restrictive and least secure. Open links are usable by anyone who is sent or can determine the specific link. Open links can be set to auto-expire and require passwords, but this is not set on an open link by default. The most restrictive option is collaborators only. This level requires that people be explicitly invited to access the link. Third party Box applications may require specific levels of access and, as there is little quality control or review of third party applications, some may break with more secure sharing configurations. Set the default link sharing as restrictive as you can for your specific needs. Category I data should never be shared via an open link without a password set.
Notifications of new login activity
Under Account Settings -> Notifications, make sure that Login Activity under General Emails is checked. This will allow Box to send you an email whenever your account is logged into from a new application or host. You may also wish to enable other notifications here if you are working with confidential data.
...